docs: add a sample for DP Konnect cert-manager (#2549)

Signed-off-by: Jintao Zhang <[email protected]>

Author: tao12345666333

config/samples/dataplane-konnect-cert-manager.yaml

@@ -0,0 +1,67 @@
+# This example shows how to use KonnectExtension + cert-manager to provision a Konnect Data Plane client
+# certificate and configure Konnect endpoints automatically (no manual KONG_CLUSTER_* envs).
+# Prerequisites:
+# - cert-manager installed in the cluster (https://cert-manager.io/docs/installation/)
+# - A KonnectGatewayControlPlane already created in the cluster (see other samples)
+# - Replace the <YOUR_KONNECT_CP_RESOURCE_NAME> placeholder below with your KonnectGatewayControlPlane name
+#
+# 1) Ensure there is an Issuer/ClusterIssuer available (example below is commented out
+#    to keep this sample applyable without cert-manager CRDs pre-installed).
+#    For production, replace with an issuer backed by a CA trusted by Konnect.
+#
+# apiVersion: cert-manager.io/v1
+# kind: ClusterIssuer
+# metadata:
+#   name: konnect-dp-selfsigned
+# spec:
+#   selfSigned: {}
+#
+# 2) Create a KonnectExtension that references your Konnect control plane. The operator will populate
+#    the Konnect endpoints and inject required envs into the DataPlane.
+---
+apiVersion: konnect.konghq.com/v1alpha2
+kind: KonnectExtension
+metadata:
+  name: my-konnect-config
+spec:
+  konnect:
+    controlPlane:
+      ref:
+        # Defaults to type: konnectNamespacedRef
+        konnectNamespacedRef:
+          name: <YOUR_KONNECT_CP_RESOURCE_NAME>
+    # Optional: apply labels to this DataPlane in Konnect (replaces KONG_CLUSTER_DP_LABELS)
+    dataPlane:
+      labels:
+        type: "k8s"
+---
+# 3) Create a DataPlane that references the cert-manager issuer and the KonnectExtension. The operator will:
+#    - create a cert-manager Certificate owned by this DataPlane
+#    - mount the issued Secret into the proxy container
+#    - set KONG_CLUSTER_CERT and KONG_CLUSTER_CERT_KEY automatically
+#    - set Konnect-related envs (role, endpoints, konnect mode, telemetry, etc.) from KonnectExtension
+apiVersion: gateway-operator.konghq.com/v1beta1
+kind: DataPlane
+metadata:
+  name: konnect-cert-manager-example
+spec:
+  extensions:
+    - kind: KonnectExtension
+      name: my-konnect-config
+      group: konnect.konghq.com
+  network:
+    konnectCertificate:
+      issuer:
+        # Namespace omitted -> use ClusterIssuer with this name
+        name: konnect-dp-selfsigned
+  deployment:
+    replicas: 3
+    podTemplateSpec:
+      spec:
+        containers:
+          - name: proxy
+            # renovate: datasource=docker versioning=docker
+            image: kong:3.9
+            readinessProbe:
+              initialDelaySeconds: 1
+              periodSeconds: 1